Kitgenix Plugin Score

wpforo

Slug: wpforo · · 0+

Not updated in last 3 months

Overall Score

Scan this plugin to generate a full score report

--
Not Yet Scanned

What this score means

Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.

  • Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
  • Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
  • Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
  • High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
No scan has been completed yet. Vulnerability and issue data will appear after the first scan.
  • Wordfence: June 10, 2026 7:46 am (31 minutes ago)

Actions

View on WordPress.org Download Plugin
After the first scan, this plugin will be automatically re-scanned every 30 days.
Export report: CSV JSON

Score Breakdown

Shield
Security
--
Pending Scan
W
WP.org Readiness
--
Pending Scan
Speed
Performance
--
Pending Scan
Code
Code Quality
--
Pending Scan
A11y
Accessibility
--
Pending Scan
Bug
Vulnerability Status
--
Pending Scan

Plugin Details

Scan Summary

  • Errors: 0
  • Warnings: 0
  • Notices: 0
  • Last Scanned: N/A
No scan results yet. Start the first scan to populate this summary.

Detected Issues

No issues to display yet. Run the first scan to generate findings.

Score History

No history available yet. · All-Time High: N/A

All Past Vulnerabilities

Showing all known historical vulnerabilities for this plugin, including open and closed records.

Vulnerability CVE Severity Status Affected Versions Patched Version Updated Source
wpForo Forum <= 2.2.8 - Cross-Site Request Forgery via logout() N/A LOW Closed *-2.2.8 2.2.9 2023-11-20 00:00:00 Wordfence
wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents N/A LOW Closed *-2.1.7 2.1.8 2023-06-01 00:00:00 Wordfence
wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path N/A LOW Closed *-3.0.5 3.0.6 2026-04-20 05:51:32 Wordfence
wpForo Forum <= 2.2.5 - Missing Authorization N/A LOW Closed *-2.2.5 2.2.6 2023-11-20 00:00:00 Wordfence
wpForo Forum <= 2.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting N/A LOW Closed *-2.2.3 2.2.4 2023-11-20 00:00:00 Wordfence
wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection N/A LOW Closed *-2.4.14 2.4.15 2026-02-18 00:00:00 Wordfence
wpForo Forum < 3.0.2 - Missing Authorization N/A LOW Closed [*, 3.0.2) 3.0.2 2026-04-21 00:00:00 Wordfence
wpForo Forum <= 3.0.6 - Missing Authorization N/A LOW Closed *-3.0.6 3.0.7 2026-05-18 00:00:00 Wordfence
wpForo < = 1.5.1 - Privilege Escalation N/A LOW Closed *-1.5.1 1.5.2 2018-09-06 00:00:00 Wordfence
wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection N/A LOW Closed *-2.4.13 2.4.14 2026-02-10 00:00:00 Wordfence
wpForo Forum <= 1.6.5 - Cross-Site Request Forgery N/A LOW Closed *-1.6.5 1.7.0 2020-05-04 00:00:00 Wordfence
wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection N/A LOW Closed *-2.0.9 2.1.0 2022-12-07 00:00:00 Wordfence
wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug' N/A LOW Closed *-2.1.8 2.1.9 2023-07-03 00:00:00 Wordfence
wpForo Forum < 1.4.12 - Reflected Cross-Site Scripting N/A LOW Closed [*, 1.4.12) 1.4.12 2018-06-01 00:00:00 Wordfence
wpForo Forum <= 2.0.5 - Cross-Site Request Forgery N/A LOW Closed *-2.0.5 2.0.6 2022-09-08 00:00:00 Wordfence
wpForo Forum <= 1.6.5 - Cross-Site Scripting via langid parameter N/A LOW Closed *-1.6.5 1.7.0 2020-05-04 00:00:00 Wordfence
wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter N/A LOW Closed *-3.0.2 3.0.3 2026-04-10 18:51:03 Wordfence
wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload N/A LOW Closed *-2.0.9 2.1.0 2022-11-09 00:00:00 Wordfence
wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar N/A LOW Closed *-2.4.5 2.4.6 2025-07-09 12:30:57 Wordfence
wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter N/A LOW Closed *-2.4.16 3.0.0 2026-04-16 14:05:14 Wordfence
wpForo Forum <= 2.2.3 - Unauthenticated Privilege Escalation N/A LOW Closed *-2.2.3 2.2.4 2023-11-20 00:00:00 Wordfence
wpForo Forum <= 1.6.5 - Cross-Site Scripting via s parameter N/A LOW Closed *-1.6.5 1.7.0 2020-05-04 00:00:00 Wordfence
wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection N/A LOW Closed *-2.4.12 2.4.13 2025-12-13 16:20:06 Wordfence
wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection N/A LOW Closed *-2.3.3 2.3.4 2024-05-31 19:39:04 Wordfence
wpForo Forum <= 2.4.10 - Missing Authorization N/A LOW Closed *-2.4.10 2.4.11 2025-11-18 00:00:00 Wordfence
wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body N/A LOW Closed *-2.4.16 2.4.17 2026-04-03 22:11:24 Wordfence
wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change N/A LOW Closed *-2.0.5 2.0.6 2022-09-26 09:03:00 Wordfence
wpForo Forum <= 1.9.6 - Open Redirect N/A LOW Closed *-1.9.6 1.9.7 2021-06-14 00:00:00 Wordfence
wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change N/A LOW Closed *-2.0.5 2.0.6 2022-11-26 09:52:00 Wordfence
wpForo Forum <= 2.0.9 - Cross-Site Request Forgery N/A LOW Closed *-2.0.9 2.1.0 2022-11-09 00:00:00 Wordfence
wpForo Forum <= 3.0.4 - Unauthenticated SQL Injection N/A LOW Closed *-3.0.4 3.0.5 2026-05-07 00:00:00 Wordfence
wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function N/A LOW Closed *-2.4.8 2.4.9 2025-10-24 00:00:00 Wordfence
wpForo Forum <= 1.4.12 - SQL Injection N/A LOW Closed *-1.4.12 1.4.13 2018-05-27 00:00:00 Wordfence
wpForo Forum <= 2.4.6 - Authenticated (Subscriber+) Insecure Direct Object Reference N/A LOW Closed *-2.4.6 2.4.7 2025-09-03 00:00:00 Wordfence
wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) SQL Injection N/A LOW Closed *-2.4.9 2.4.10 2025-10-31 00:00:00 Wordfence
wpForo Forum <= 2.4.3 - Authenticated (Subscriber+) Privilege Escalation N/A LOW Closed *-2.4.3 2.4.4 2025-04-02 00:00:00 Wordfence
wpForo Forum <= 3.1.0 - Unauthenticated PHP Object Injection N/A LOW Closed *-3.1.0 3.1.1 2026-06-04 00:00:00 Wordfence
wpForo Forum <= 2.0.5 - Cross-Site Request Forgery N/A LOW Closed *-2.0.5 2.0.6 2022-09-08 00:00:00 Wordfence
wpForo Forum <= 2.3.4 - Authenticated (Subscriber+) Insecure Direct Object Reference N/A LOW Closed *-2.3.4 2.3.5 2024-08-16 00:00:00 Wordfence
wpForo Forum <= 2.3.4 - Unauthenticated Sensitive Information Exposure N/A LOW Closed *-2.3.4 2.3.5 2024-08-16 00:00:00 Wordfence
wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update N/A LOW Closed *-2.4.1 2.4.2 2025-02-27 00:00:00 Wordfence
wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class N/A LOW Closed *-1.6.5 1.7.0 2020-05-04 00:00:00 Wordfence